@eaplmx@twtxt.net This means you made progress on your COBOL time machine, cool!

@david@netbros.com Hahaha, don’t eat and read, it’s a dangerous territory out here! :-D

@david@netbros.com These are very lovely indeed. Reminds me of biology class in fifth grade or something around that era. We looked at all kind of different things with microscopes. Pretty nice.

@movq@www.uninformativ.de That’s some pretty cool idea, but I will immediately get eye cancer if I tried to use this for real.

@david@netbros.com WTF, just WTF. I don’t know what else to say about it.

@david@netbros.com Hahahaha, this is brilliant! “Oh the bright side, you’re the first successful multiple suicide.” Laughing my ass off! :‘-D

@darch@twtxt.net I just sent you a merge request that fixes the typos I spotted.

Now to one very severe security flaw, the filesystem traversal attack. You must never ever trust user input. Never. Ever. Not in a hundred years. Or the devil himself will kidnap your kids, your wive and yourself to steal their souls, rape and then painfully kill all of them.

Back to the user input. This also goes for the filename of the submitted file upload. You either have to sanitize it or even better, just generate a new one, you know is safe. Currently you just use the user’s filename, replace spaces with hyphens, convert it to lowercase and prepend the date. So basically, doing nothing in terms of sanitizing. But if the filename contains slashes, you’re basically fucked. Imagine a user-supplied filename of ../../../../../etc/passwd or something similar. It will then override system data or any of your scripts or whatever, if the user running the PHP script has sufficient permissions. Which it often has to at least override your own PHP scripts. So you should at least extract the submitted filename’s basename at the very bare minimum. That would result in passwd on the example above. Maybe there are even more PHP-specific things to keep in mind, I don’t know.

Okay, granted you check for the existence of the final file and abort, but it still would be possible to sneak files into places, where they truely do not belong. Like optional configuration files an application would read if present but ignore if missing.

Also checking the file extension to determine whether a file is of a certain type doesn’t really work. You can just lie about the extension.

I’m heading to bed now. Happy fixing my friend! :-)

@fastidious@arrakis.netbros.com I finally had to fast forward. That, erm, techno pop – or I have no idea what you call it – was too much for me. Couldn’t handle it. ;-)

@darch@twtxt.net Hehe! ;-) It’s always refreshing to look at a raw feed. Yarnd in the default theme shows the alternative text in the preview a bit (cuts it off if it’s too long) and also when you click on the image to open it in the dialog. That might be something to incorporate in your Copenhagen theme.

@darch@twtxt.net Yiha! I just explored the code online a little bit. The very first thing that came to mind is that you probably want to maintain a .gitignore in your repo and at least add this silly .DS_Store to it, it’s of no use. Since git only tracks files and not directories some of the folders would be empty. So they do not exist after cloning the repository. There are two commonly used approaches:

1.) The software just creates the directories, if they’re not present. In my opinion that’s the best solution in 99% of the time.
2.) Add and commit an empty file, often named .gitkeep or something similar.

Also temporary editor files are very good candidates to exclude from git. They of course depend on your favorite editor, I always add *.sw? for Vim swap files and also *~ for good measure. Some editors I used in the past just append a tilde to their temp files, so it’s an old habit. Of course, there are plenty of different suffixes, extensions and what not. I tell people to just start out with those the original author uses.

Other than some typos in the README and comments I haven’t tried this out. A few years back I made the resolution to never execute PHP code again if I can help it. 8-)

@david@netbros.com This will make history, no doubt about that!

@darch@twtxt.net Ooops, that wasn’t well thought out on my end. I meant 2022-01-23_logo_03.png

not sure what I like about it, well, it's taste that works in uncharted ways…

@fastidious@arrakis.netbros.com Up until the last few songs, that was a really nice collection I have to say.

@fastidious@arrakis.netbros.com @movq@www.uninformativ.de Glad you liked it! Especially movq! ;-)

@fastidious@arrakis.netbros.com Hahaha, I try to supply regularly. Hope, the @yarn_police@twtxt.net doesn’t watch me!

@fastidious@arrakis.netbros.com @ionores@twtxt.net @jlj@twt.nfld.uk Thank you guys! It’s a pond or small catchment. This concrete thing in the middle is an escape where the water can flow out and form a little creek. The whole field was full of ravens, like about 100 I reckon, and in the middle strutted a gray heron. But that photo turned out too dark to use. The colors today just made it looking like autumn, also with all the leaves still on the ground. Although we’re in the middle of winter of course.

@xuu@txt.sour.is Oh, alrighty then! That also explains the purpose of the share Unicode art.

Well, @prologic@twtxt.net, this statue reminds movq of his old German teacher back in school, who forced him to read shitty books. Of course he didn’t want to, because, well, they were shitty, so he also didn’t do his homework. Instead, he played computer games and disassembled walkmen and portable radios to learn about electronics, which he was much more into. Then, in the next lession the following day the German teacher always gave him lines when he couldn’t show his homework. Since she was also his arts teacher, her favorite and infamous thing was to make her disgraced pupils trace and color portraits of her. One such day movq decided, to let his computer do the extra exercise for him, so he wrote a crude program in BASIC to copy the template photo on his needle printer. To debug the code, he obviously had to look carefully at the photo and study all the details. The rest is history, that’s why he always cringes when he sees his old German and arts teacher sitting on this bench at my mountain. You can’t blame him for that.

@prologic@twtxt.net Thanks. Of course not, absolutely go for it! :-) You’re all always welcome to do with them what ever you want to.

@prologic@twtxt.net I cannot answer this. I never used them myself.

@sorenpeter@darch.dk I stick to it, number three is still my favorite of all of them. ;-)

@prologic@twtxt.net Nah, no worries, mate! Ideed, the discussion was highly productive. We don’t have a solution, but I learned a ton of yarnd’s internals. So success in my books. :-)

@ullarah@txt.quisquiliae.com Just remove the stickers and reglue them.

@fastidious@arrakis.netbros.com I just started playing it in the background. Will report back in two hours.

@fastidious@arrakis.netbros.com Yeah, very nice and well-known wave. I’ve seen it plenty of times, but I never knew what it was called. Until now.